the remote voip switch needs to establish the site to site vpn with the PIX so the IP phones can communicate to the local voip box.
we are trying this now. i set up the PIX already to receive the connection.

The site to site VPN setup on the PIX is basically the same assuming an ipsec-compliant remote site firewall/VPN device. Configuration details would be specific to the model of device you are connecting.

no we don't have anything either. this is a beta product. i have never worked with it myself and that portion of it is being handled by someone else. my end is just to get the PIX to receive and accept the site to site connection. it sounds strange, but this is how the company does things.

they want to try this to get past the issues we are having running voip through a vpn client session.

Without a device to establish the VPN tunnel you're not going to get very far... but my original post applies - a site-to-site VPN to the PIX would use basically the same config if the "remote" site is IPSEC-compliant. Without a firewall or otherwise you'll be hard-pressed to establish a site-to-site VPN from the remote device....

We're going to need more information on that device and if it supports IPSEC.
Does it support any of these? You can set up your PIX to use most any combination in your transform set and policies.
DES? 3DES? SHA? MD5? DH group 1? Group2? AES? Group 5? PFS?
Does it have its own Public IP, or does the DSL modem/router do NAT in front of it?

>the bcm will have a private ip and be behind a dsl modem that will do the NAT for it.
That makes it difficult to set up an IPSEC tunnel with a NAT device in front of it. Is the modem capable of port-forwarding specific ports to the private IP of the BCM?
Feels like we're just digging a hole here

>Authentication Algorithm- set as MD5- option "SHA1"
MD5 and SHA are mutually exclusive. It's one or the other...
I'll try to put together a sample config for the pix that matches this requirement a little later this evening...

--- On the BCM, there is next an option for an "IP Policy", which if created appears to allow a Branch Tunnel Address Mapping rule, Local and Remote Address Type, start and end address, and local and remote port. We had not previously configured from this area.

---Back to the main page options...

Local ID Type; IP

Content; Blank

My IP Address; x.x.91.102

Peer ID Type; IP

Content; Blank

Secure Gateway Address; x.x.54.5 (this is the remote peer address)

Security Info-

VPN Protocol; ESP (there is an option to use AH)

Pre Shared Key; xxxxron1

Encryption Algorithm; DES (there are options for 3DES, AES, NULL)

Authentication Algorithm; MD5 (there is an option to use SHA1)

Enable Replay Detection; YES

SA Life Time; 28800

Key Group; DH1 (there is an option to use DH2)

Perfect Forward Secrecy (PFS); DH1 (there is an option to use DH2 or None)

I wish you luck. If the VPN tunnel is up then both BCMs should be able to "talk" using their private IP addresses, assuming the VPN is "open" between sites. Removing the PIX, however, makes me think there is not a VPN tunnel. Still curious what the BCMs capabilities are. Is this maybe a NAT traversal issue?
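A PIX 6.3 site-to-site configuration that mirrors the BCM parameters listed above (ESP, DES, MD5, DH group 1, PFS DH1, 28800 s lifetime, pre-shared key), as an added example that is not any poster's config. The LAN subnets, the access-list and crypto-map names, and the pre-shared-key placeholder are assumptions; x.x.91.102 (BCM side) and x.x.54.5 (PIX outside) are the addresses from the thread.

```cisco
! Phase 1 (ISAKMP) - every value must match the BCM: DES, MD5, DH1, 28800 s
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
! Key is tied to the public address the BCM's traffic arrives from (placeholder secret)
isakmp key <shared-secret> address x.x.91.102 netmask 255.255.255.255
! The BCM sits behind a NAT modem: enable NAT-Traversal (UDP 4500). The modem must
! forward UDP 500 and UDP 4500 to the BCM's private address or Phase 1 never completes.
isakmp nat-traversal 20

! Phase 2 (IPsec) - ESP with DES + MD5-HMAC; anti-replay is on by default on the PIX
crypto ipsec transform-set bcmset esp-des esp-md5-hmac

! "Interesting" traffic: assumed LANs 10.1.1.0/24 (PIX side) and 10.2.2.0/24 (BCM side)
access-list bcmvpn permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! Exempt tunnel traffic from NAT so the phones talk with their private addresses
nat (inside) 0 access-list bcmvpn

crypto map bcmmap 10 ipsec-isakmp
crypto map bcmmap 10 match address bcmvpn
crypto map bcmmap 10 set peer x.x.91.102
crypto map bcmmap 10 set transform-set bcmset
! PFS DH1 on the BCM = group1 here; lifetime matches the BCM SA Life Time
crypto map bcmmap 10 set pfs group1
crypto map bcmmap 10 set security-association lifetime seconds 28800
crypto map bcmmap interface outside
! Let decrypted tunnel traffic bypass the outside interface access-list
sysopt connection permit-ipsec

! Both ends also offer 3DES/AES, SHA1 and DH2; if the BCM accepts them, swap in
! "encryption 3des", "hash sha", "group 2" and "esp-3des esp-sha-hmac" on both sides.
! Verify with: show isakmp sa  (Phase 1)   and   show crypto ipsec sa  (Phase 2 / packet counters)
```

If `show isakmp sa` never shows a QM_IDLE entry, the mismatch is in Phase 1 (proposal, key, or the NAT modem not forwarding UDP 500/4500); if Phase 1 is up but `show crypto ipsec sa` shows no encaps/decaps, the transform set, PFS group or interesting-traffic ACL does not match the BCM's IP Policy.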
